ctf-solver

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly requires extracting and reporting flags (secret values) from environment variables, files, or responses and documenting them verbatim (e.g., "FLAG{...}"), and it also directs generating scripts/requests that may embed such secrets, forcing the LLM to output secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly activates on user-provided CTF challenges that can include environment endpoints and instructs the agent to use Python requests and sockets to interact with those HTTP/TCP endpoints, meaning it will fetch and read content from arbitrary (potentially public/untrusted) URLs/environments supplied by third parties.